Defense Trade Compliance
Glenn E. Smith
Chief, Enforcement Division
Office of Defense Trade Controls Compliance
“Partnering for Compliance” East Coast Conference
February 23-25, 2011
Orlando, Florida
Presentation Topics
• Organization of Compliance at State
• Civil Enforcement Trends
• Consent Agreements
• Voluntary Disclosures
• Compliance Tips
• How Industry can Assist
2
Organization of Compliance at State
Compliance & Registration
Division
Dan Cook, Chief
Lisa Studtmann, Director
Greg Slavens
ICE Liaison
Daniel Buzby, Deputy Director
Orlando Odom
FBI Liaison
Enforcement Division
Glenn Smith, Chief
Research & Analysis Division
Ed Peartree, Chief
• Registration of manufacturers,
exporters & brokers
• Voluntary & directed
disclosures
• ‘Blue Lantern’ end-use
monitoring program
• Company Mergers &
Acquisitions
• Civil enforcement actions:
charging letters & consent
agreements, policies of denial,
debarments, transaction
exceptions and reinstatements
• Watch List screening &
maintenance
• Company Visit Program
• Consent Agreement
Monitoring
• PM lead on CFIUS
• Support to the law enforcement
community for criminal
enforcement
• Compliance Report
• Intelligence research projects
• AECA Section 3 reports to
Congress
3
Civil Enforcement Trends (FY10)
Voluntary Disclosures
•
Over 1200 voluntary disclosures of civil violations by industry
– Rate consistent with 2009 figures . 10% increase from FY08 and
over a 100% increase from FY06
– industry more focused on compliance and willing to disclose
– industry establishing internal auditing-but additional focus is
needed
– “due diligence” as part of mergers & acquisitions
– effect of consent agreements & fines
– expansion of USG compliance education & outreach efforts
• “Company Visit Program” – DDTC
• “Project Shield America” – DHS/ICE
• “Domain Program” – FBI
4
Civil Enforcement Trends (FY10)
Directed Disclosures
• 58 directed disclosures issued by DTCC
– Approximately half of 2009 figures.
– disclosures increasingly more focused and remedial
actions imposed
– better to disclose voluntarily than under direction
5
Civil Enforcement Trends (FY10)
Disclosure Violations
• Nature or pattern of violations appears not to have changed
from previous years:
– unauthorized export of hardware, data or services
– exceeding scope of license approval
– foreign person employment (you and your subcontractors)
– improper use of exemptions
– exceeding dollar value of agreements (TAAs and MLAs)
– violating provisos and other conditions of approval
– misclassification of hardware/technical data
6
Civil Enforcement - Disclosure Review
• Harm to U.S. foreign policy or national security
• Adherence to law, regulations and DDTC’s licensing and
compliance policies
• Severity of violation (minor or substantive, procedural or
judgmental, once or repeated, unique or systemic)
• Company’s approach & commitment to compliance
• Implementation of remedial measures
• Improvement of company’s compliance program
7
Civil Enforcement
What violations prompt civil penalties?
• Harm to U.S. National Security or Foreign Policy
Interests
• Undermine the integrity of the legal and regulatory
system
8
Civil Enforcement Trends (FY10)
Consent Agreements
Consent Agreements - Since 2003
•
•
•
•
25 consent agreements
Fines over $180 million
Remedial Measures
Reporting and Oversight
9
Causes of Violations
• Compliance program is not well established.
• Program lacks organization and oversight.
• Insufficient resources (human and financial) to insure
effective compliance.
• Training not systemic or tailored.
• No internal audit or periodic review to assess program.
10
Causes of Violations
• Record-keeping of all elements of defense trade
activity is insufficient or not centralized to track
activity from beginning to end.
• Program has not evolved to account for change or
growth in company’s regulated business activity
(e.g., mergers & acquisitions).
• Compliance program is outdated and does not
reflect current regulations and relevant
procedures.
11
Fines & Penalties
Civil Violations of the AECA & ITAR
• $500,000 for each violation
• Extra compliance measures
• Debarment
(Remember: Successor liability applies after
merger/acquisition.)
Criminal Violations of the AECA & ITAR
• $1 million for each violation
• 20 years imprisonment (see latest Iranian Sanctions
Legislation) Increase from 10 to 20 years
• Debarment
12
Consent Agreements
Violations Charged
Common Violations in Consent Agreements
•
•
•
•
•
•
•
Omissions of material facts and false statements
Unauthorized exports of articles and services
Violating terms of an authorization
Classified exports in violation of the ITAR
Record-keeping
Unauthorized Proposals to §126.1 countries
Misclassification of hardware and technical data
13
Consent Agreements
Lessons Learned
What drives these violations?
•
•
•
•
•
•
•
Lack of corporate commitment
Insufficient ITAR training
Unclear policies/procedures
Poor record keeping/tracking systems
Insufficient resources
Poor or non-existing audit procedures
Lax security – IT and classified handling
Understanding the root causes of a violation is key to preventing future
violations!
14
Voluntary Disclosure:
Areas of Increased Attention
Voluntary Disclosures
• Who was involved and how were decisions
made. (Key focus for DTCC.)
• Provide the who, what, when and how.
• Follow ITAR §127.12(c)(2) and provide all the
required information.
• DTCC is as concerned about how a violation
occurred as well as that it happened.
• Use of passive voice and vague descriptions do
not satisfy disclosure requirements in the ITAR.
15
Voluntary Disclosure:
Areas of Increased Attention
Voluntary Disclosures
• Corrective actions implemented or to be
implemented to ensure the violations do not
occur again.
• Provide copies of manuals and or procedures.
• Provide evidence of training.
• Provide evidence that procedures are being
implemented effectively.
16
Voluntary Disclosure:
Areas of Increased Attention
Remember:
• Technology derived from U.S. technology remains
controlled under the ITAR.
• Disclosures involving repeat violations where
“remediation” already claimed to have been
implemented needs explanation.
• Disclosures are not data dumps – submissions
should be organized and tell the story.
17
Key Elements of Compliance Manual
Internal compliance document should
address:
1. Organizational structure
2. Resources dedicated to export
control
3. Contracts/marketing screening
4. Non-U.S. person employment
5. Physical security of the ITAR
facility
6. Network security
7. License preparation
8. Use of exemptions
9. Foreign travel
10. Foreign visitors
11. Record keeping
12. Reporting
13. License maintenance
14. Actual shipping processes
15. ITAR training
16. Internal monitoring and
audits
17. Voluntary disclosures and
discovery of export
violations
18. Violations and penalties
18
Compliance Tips
•
Establish senior level commitment to strict adherence to
all export control laws and regulations
•
Establish and maintain and effective export compliance
program
•
Involve all elements of the business – legal, marketing,
travel, personnel, etc… all play a role
•
Establish a “culture of compliance” to ensure these
procedures are followed
19
Compliance Tips
•
Self-audit to identify problems and correct weaknesses
•
Keep your program up to date with regulatory changes
and changes in your business
•
Establish training requirements tailored to job
responsibilities and risk
•
Recognize that there are no shortcuts
•
Network with others in the industry to learn from them
20
Compliance Tips
• Establish Clear and Open Communication with Partners
Before and After License Approvals:
o Ensure complete and accurate information
o Ensure changes in use/retransfers are authorized
• Understand limitations of authorizations
• Due diligence on foreign parties is not difficult
• Identify and resolve “warning flags” before submitting
application
• Knowing your foreign parties is in your best interest
21
Compliance Tips
•
An inventory control system to track whereabouts of
defense articles through final delivery
•
Remind and educate the end-user of their obligations under
the ITAR
•
Notify the State Department if you receive derogatory
information on end-user or foreign consignees after license
approval
22
Compliance Tips
•
Vet parties using public lists of the regulatory agencies:
State, Commerce, and OFAC. Refer to the Excluded
Parties List System administered by the General Services
Administration
•
Enhance IT security. Prevent cyber attacks by
implementing the appropriate encryption and firewall
systems. Report events to DTCC in voluntary disclosure
23
Management Should Remember
• The importance of export compliance to our national
security and foreign policy interest is great
• Enforcement is improving - more information on
violations coming in as leads and tips have grown
• Government’s ability to investigate and use
information is improving – cooperation is real.
• Claims of ignorance or surprise at violations is harder
to argue with any credibility.
• Strict liability applies - a heavy burden and cost when
not done correctly. Licensor is responsible for nearly
24
all aspects of export transactions.
How Industry Can
Assist Enforcement Efforts
• Good compliance means self-enforcement
• Industry has more eyes and ears available to uncover
suspected violations
• Industry has greater access to useful information
regarding compliance issues
• Industry has been instrumental in sensitizing and
educating suppliers and vendors
• Willingness by industry to share and publish best
practices with other members of the community
25
Why Share Information with DTCC
• It’s the right thing to do
• To protect and secure our national security
• Maintain level playing field and prevent unfair
advantage
• Protect proprietary information and maintain
competitive technology lead
26
How Leads and Information are Provided to
DTCC
•
•
•
•
•
•
Phone calls
Letters (to include anonymous)
Emails
Fax
Conversations (including conferences)
Hand written note on 3x5 cards
27
How is the Information Used?
• Used within DTCC to support
administrative/civil investigations
• If warranted, we will share with DHS/ICE,
FBI or the Department of Justice for potential
criminal investigation or intelligence reporting.
28
How is the Information Handled?
How is the information handled?
-We will only share internally within the
U.S. Government.
29
Examples of Leads Provided to DTCC
1. Fabrication of TAA and approval letter.
2. Deliberately deleting export control statement
and company logo on technical drawings-then
exporting w/o authorization.
3. Deliberately allowing foreign persons access to
facility, technical data and exporting hardware
w/o a license.
4. Deliberately conducting technical discussions
with foreign person while license was pending
with DDTC.
5. Competitor shipping identical hardware to
proscribed destination.
30
Leads, tips or questions
on compliance and enforcement
• Glenn Smith
Chief, Enforcement Division
202-632-2799
31
Suggested Reading
•
Arms Export Control Act (AECA), Sections 38-40
(22 U.S.C. 2778-2780) (P.L. 90-629)
•
International Traffic in Arms Regulations (22 CFR 120-130)
•
•
•
•
•
•
•
•
•
•
•
Definitions
U.S. Munitions List
Registration
Licenses
Agreements
Technical Data
Policies & Provisions
Compliance
Brokering
Contributions, Fees &
Commissions
120
121
122
123
124
125
126
127 & 128
129
130
DDTC’s website: www.pmddtc.state.gov
32
Useful Information
• U.S. Department of State
Directorate of Defense Trade Controls
•
•
•
• Website:
www.pmddtc.state.gov
Response Team Telephone Number:
• 202-663-1282
•
• Response Team E-mail:
DDTCResponseTeam@state.gov
33